[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti] Proposed normative text available for Report object refactoring - (Goal: Reach official consensus by Monday)
For reports, do we really want to create a report object with nothing in it and then have a series of relationships where so much of the meta-data is replicated? I had kind of envisioned the Report object being a bit "special". Meaning that you would be able to include a series of references to objects that were all PART of the report. The report object is just a special object and differs from other objects in STIX and the package. { "type": "report", "id": "report--84e4d88f-44ea-4bcd-bbf3-b2c1c320bcbd", "created_at": "2015-12-21T19:59:11.000000+00:00", "title": "The Black Vine Cyberespionage Group", "descriptions": [ "A simple report" ],"intents": ["Threat Report"], "created_by_ref": "identity--a463ffb3-1bd9-4d94-b02d-74e4f1658283", "reported_objects": [ "indicator--26ffb872-1dd9-446e-b6f5-d58527e5b5d2", "indicator--26ffb872-1dd9-446e-b6f5-d58527e5b5d3", "campaign--26ffb872-1dd9-446e-b6f5-d58527e5b523" "ttp--26ffb872-1dd9-446e-b6f5-d58527e5b5d4", "threat-actor--26ffb872-1dd9-446e-b6f5-d58527e5b5d5" ] } Thanks, Bret Bret Jordan CISSP Director of Security Architecture and Standards | Office of the CTO Blue Coat Systems PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
|
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]